Hosting

Ben Mudge Community is primary hosted on Heroku and our user data is stored in Heroku Postgres. We make use of some additional Amazon Web Services products for file storage and content delivery. You may review Heroku’s security policy for further information, needless to say it’s pretty state of the art, they are also PCI Level 1 compliant.

Our infrastructure is secured by a limited number of engineers who use two factor authentication.

All of our web traffic is encrypted with TLS using state of the art RSA 2048 bit keys, provided by Lets Encrypt and rated “A+” by Qualys SSL Labs (as of March 2017).

Software choices

Ben Mudge Community has been developed by experienced engineers and has been build on top of quality open source software. The core application is built using Ruby on Rails and follows industry best practises. The client side application for Ben Mudge Community is built using React.

We monitor our codebase for CVE’s automatically as part of our continuous deployment process and apply security patches as soon as we are made aware. We also monitor for application errors in realtime and all issues are immediately escalated to our engineering team.

Backup policy

Ben Mudge Community’s data is backed up to multiple regions within the AWS system to prevent a single point of failure leading to data loss. Backups are stored for 30 days and then permanently deleted.